Slashdot Mirror


User: Skapare

Skapare's activity in the archive.

Stories: 0 · Comments: 6,883

Comments · 6,883

  1. Re:See Rule #1 on A Day In The Life Of A Spammer · · Score: 1

    If the author is repeating what the spammer said, he should quote it and make it clear that is what the spammer said, or otherwise word it to make it clear that is what the spammer believes or says. It comes across as the author asserting as fact that anti-spammers want to shut down legitimate bulk mailers under a definition for legitimate bulk mailers that everyone agrees to. The author would do well to commit a paragraph or a few to the distinctions between what different people consider to be legitimate.

  2. Yet another content filter - move along on A Day In The Life Of A Spammer · · Score: 3, Informative

    This is yet another content filter. The real solution to spam will prevent my servers and bandwidth from being overloaded by spam, rather than use even more of it to accomplish keeping it out of my mailbox. The ultimate solution is to have spammers disconnected from the internet by their ISPs, or disconnect their ISPs if the ISP continues to help spammers steal and waste the resources I pay for. You say you don't have a mail server and don't need to be worried? How much is your ISP charging you? How much is your ISP taking out their own profits to cover the costs of spam you just end up deleting?

  3. Re:See Rule #1 on A Day In The Life Of A Spammer · · Score: 1

    If that is the spammer speaking, then yes, I can believe the reference is to his concept of legitimacy. But the wording ...

    Nevertheless, his work has made him enemies. The bane of his existence, of course, is the anti-spam community, which is often quite zealous in its efforts to put spammers, legitimate bulk mailers and scammers alike out of business

    ... looks more like the author of the article saying that.

  4. One good effect of the CAN-SPAM law is ... on A Day In The Life Of A Spammer · · Score: 1

    One good effect of the CAN-SPAM law is ... although spammers are improving on defeating this effect ... it forces spammers to be more easily identified to be "legal". That makes it easier to identify them for the purpose of tracking them, or blocking them, or forcing their ISP to terminate services if their activities are inconsistent with the services provided by that ISP, or blocking their ISP if that ISP intentionally serves spammers. This benefit is not enough, and is greatly offset by the fact that the overall spam volume has gone up tremendously since the law went into effect (my spamtraps show a 5X increase between January and July of 2004).

  5. putting legitimate bulk mailers out of business? on A Day In The Life Of A Spammer · · Score: 1

    Nevertheless, his work has made him enemies. The bane of his existence, of course, is the anti-spam community, which is often quite zealous in its efforts to put spammers, legitimate bulk mailers and scammers alike out of business

    What anti-spammers are trying to put legitimate bulk mailers out of business? Maybe some small time antis are doing that. The major anti-spam groups and lists are not. But some do try to put spammer harboring ISPs out of business, which can affect their other customers, so maybe that is what they are confused about.

  6. Re:iptables -I FORWARD -s isp/20 -j DROP on Spam's U.S. Roots · · Score: 1

    If you just block MCI/UUNET, you'll probably have half the spam licked right there. You can get the list or find a DNSBL from blackholes.us.

  7. Many ISPs are guilty, too on CAN-SPAM Is A Bust · · Score: 1

    Many ISPs are guilty, too. MCI/UUNET is the worst in the US. They know damned well that over a hundred of their customers are major spammers, yet they keep them online regardless of any AUP policies. Obviously, they want a piece of the spam cash cow. So the rest of us suffer even more because so many spammers find it easier to flood our networks.

    Right now, boycott is the only way to deal with it. That means that not only will I refuse to do business with MCI/UUNET, I will also refuse to accept any SMTP delivered mail from any of their IP address space (I have a huge list). And lots of other networks are doing this now.

    If you don't like a boycott, then maybe you should support a $25 fine, per message to each recipient, imposed on the ISP that retained a spammer for at least 30 days. Of course that would completely wipe out MCI/UUNET given the massive volume of abuse coming from there. But I say good riddance.

  8. Myth #2: Lack of Applications -- Visio on Exploring Linux Desktop Myths · · Score: 2, Informative

    The one big thing I still use Windows for is to run Visio. And I do some rather complex stuff with it at times, that simple drawing tools cannot compare to, such as programming my own shapes. Anyone have this for Linux (even commercial payware) or BSD?

    And for those who are thinking of trying an exploit on me ... it's not connected to the net.

  9. VoIP needs to be IP on both ends on FCC Rules VoIP Must Be Tappable · · Score: 1

    VoIP needs to be IP on both ends. The PSTN (public switched telephone network) needs to be abandoned ASAP. Everything should eventually just be IP to IP. There would no longer be phone numbers; you reach people by a domain name and other mnemonic identity. But the important part is that all communications will then be strictly end-to-end, and to anything in between, will just be a bunch of scrambled bits.

  10. Re:Certifications that value and expect thinking. on Linux Jobs on the Rise · · Score: 1

    If I have 500 to be narrowed down to 5, I doubt a certification will do the job correctly, unless the certification specifically tests for what I'm looking for. And RHCE is simply not an IQ test. It's a knowledge test. And in my opinion, that's only a small portion of the need. I wouldn't want to over-emphasize that to whittle 500 down to 5 because it can end up throwing out the one ideal person I might have wanted, who might not have a certification at all.

    So in theory, the way to do it is to use the certification as just a weighted measure according to the value of the need of what skill it tests. The trouble is, my experience is that it just doesn't work that way. Now this could be because the proportion of what I'm looking for is very small among the population of those with certification. The trouble is, if I use a certification as a weighted factor at all, it's going to decrease the quality of what I get. That's based on actual experience. Maybe the only thing we can agree on is that I didn't get a fair sampling of the set of people with certifications?

    I've mostly made up my mind. One can't just keep pondering any problem forever. Decisions have to eventually, and sooner than preferred too often, be made. You make a decision and move on. Measuring people is not a field of perfection. But I've had excellent people working for me or with me. And they were not certified in anything (except for college degrees which most, but not all, had).

    If among 500 applicants for a Linux SA job was one with a CCIE, sure, I'd probably be sure to include that one in the short list. But those certs are rare enough there would not likely even be one.

  11. Re:Certifications that value and expect thinking. on Linux Jobs on the Rise · · Score: 1

    I've met several people with RHCE's. I've met lots more with MCSE's. A couple had both. I've met many with various Cisco, Novell, Sybase or Sun certifications. Among them were people who were smart. But the proportion of people who were smart among those who had certifications was less than the proportion of people who were smart among those who just generally had experience in these fields ... except for the CCIE where 100% of the half dozen I met were all very smart people (though I did have to explain to one of them how to set up CIDR delegation of in-addr.arpa DNS zones).

    So in summary, based on my experience of close to 100 technical people I've met in the course of managing systems and networks at 4 different companies, having certification is a slightly negative indicator on the level of intellect to do the jobs I might have for them. But I was hiring for people who could recognize problems, determine their cause, figure out a solution, and deploy that solution without any disruption, all without ever having to consult with me on it (just put it in a line item in the weekly report). I wanted people who didn't just understand how things worked, but could readily figure out how new things worked on their own ... not people who would memorize common steps. These were in businesses that were tech companies, or were deploying a significant high-tech presence. The average manager in the average business does not look for that kind of person; they want someone willing to follow strict directions from a manager who is himself very likely to be making bad decisions. Such managers need people with certifications to cover their (the manager's) arse.

    I think it comes down to the fact that I am capable of figuring out who can, or cannot, do the job, without having to use the fact that they have certification, and generally have higher level requirements. The only reason I'd even need to see experience on the resume is because of the volume received. If I had only 5 applicants and exactly one of them is qualified for the job, I will be able to figure out exactly which one is during the interview, even if none of them have any experience or training at all.

  12. Re:Whistleblower? on Alabama IT Whistleblower Fired For Spyware · · Score: 1

    I don't have a reason to hang the SA. And I think being fired for wasting taxpayer dollars would be more embarrassing than being lynched from a tree.

  13. Re:Certifications that value and expect thinking. on Linux Jobs on the Rise · · Score: 1

    Eventually people do make up their minds. I've been dealing with this for many years. I bet I've fired more SA's than you've hired. Technically I'm always open minded. I've just seen more reasons to distrust people wielding certifications than reasons to trust them. And yes, CCIE is the exception. All the people who had CCIE were people I wanted to hire (but didn't have the money to get them on board).

  14. Re:Certifications that value and expect thinking. on Linux Jobs on the Rise · · Score: 1

    I find it sad that a certification has more emphasis on fixing things rather than making things that don't break (as often). Sounds like someone just copied MCSE and changed a few words to make RHCE.

    Also sad, and further sad that it is true, are cases where bosses pick all the details about how a system should be set up, then expect the SA to do it that way. Instead, they should specify what the machine needs to accomplish, and have the SA do what it takes. The SA will figure all that out, or variations on it that might be more reliable or more secure. The job of an SA really is more than just an "install jockey".

    If I am ever hiring an SA (it could be possible sometime next year), be sure to leave all certs off your resume, except for CCIE. Otherwise I'll be wondering why you were wasting your time. Otherwise I consider them to have zero value (except a CCIE would be a plus even for a non-NA job).

  15. Re:Linux certification on Linux Jobs on the Rise · · Score: 1

    That's what entry level jobs are for ... to get started. Sure, a cert could be used to get you in. So can intellect. And with Linux jobs still limited to the kind of managers that value thinking, the intellect is likely to hold more value than the cert. But eventually, as Linux continues to grow, and expanding into the "masses" of the job market, more managers will just want certs because they either won't care about intellect, or wouldn't know how to recognize it if it bit them in the arse.

    In today's job market, there are plenty of people still available with experience. And they can be had for cheap, too. So certs just don't seem to be the thing, yet. But it will happen.

  16. Re:Whistleblower? on Alabama IT Whistleblower Fired For Spyware · · Score: 2, Insightful

    Yes, he reported it to higher ups, who never said "that's something we allow him to do". Instead, they ignored the report. So the SA backed it up with evidence. That finally got the action that should have been done the first time around. So clearly the boss's boss was lax in dealing with the matter in the first place. Had the boss's boss been doing his job, none of this would have taken place (besides the boss being told to stop being lazy on the job).

    There were no boundaries overstepped here. The SA's job included monitoring the network for any form of abuse, waste, or other inappropriate use. Virtually every government entity has rules of conduct that not only say such waste is wrong, but that they waive privacy on government owned computers, too.

    The two bosses should be fired and the system administrator restored with full back pay and back benefits. He was doing his job.

  17. Re:Horseshit on Alabama IT Whistleblower Fired For Spyware · · Score: 1

    Remind me to never hire you for any management job, especially in government. Your attitude is the kind of thing that helps perpetuate waste of tax dollars in government. But maybe that's the norm in Alabama?

    This is clearly a case where the "channels" don't cut it. And it is this guy's job description to monitor usage. And it is ALDOT policy that usage can be monitored (posted elsewhere in the /. thread).

    I'm sure he'd have had to deal with things regardless of who was doing the waste. The fact that it was his BOSS just made it harder, but it should never justify avoiding the duty. Then the higher ups that simply did this to try to cover it up.

    This will be a case used to point at Alabama as a place of waste and corruption ... unless they end up resolving it by firing the card playing boss, and firing the guy who fired the sysadmin, and restoring the sysadmin's job with full backpay. If the governor's intent to have a well run state means anything, he'll take steps to ensure things are made right here. Otherwise his word means nothing.

    I don't live in Alabama, but if this ever happened here, I know I'd be all over the story demanding the wrongs be righted.

  18. Linux certification on Linux Jobs on the Rise · · Score: 3, Insightful

    How much clout does a Linux certification have? Do employers value certifications?
    Melland: I wish that I could say that Linux certification carries a lot of clout, but so far it has not taken off the way people expected. Certification doesn't hurt, but what employers are really looking for today is experience. This is true across most technology disciplines. Candidates need to demonstrate that they have "been there, done that" rather than just proving their skills.

    Why would he wish that certification carries a lot of clout? And who is it that expected it to?

    Linux is certainly growing in market share, but it's still mostly in environments with management that values the thinking processes and figuring out the right ways to do things. When Linux finally reaches the level where it gets used by managers that don't value the thinking process, and just pick things because it might look good, or because someone wearing another tie said it was good, then we'll see certification in more demand. And they will get what they deserve, too, just like they got when they wanted an MCSE to run their Windows machines. The more the masses get certification, the less value that certification has. But that seems to be when managers want it most. How silly.

  19. Re:Where forged sender spam comes from on RMS Weighs In On SPF/Sender-ID License · · Score: 1

    Maybe you need to read my post again. There is an exemption for people like you (and me). If you know what it means to have total access on all ports, then you should have it (unless you abuse it). It's just the average user (who outnumber us over 10000 to 1) who shouldn't have it because they don't need it and they don't know how to prevent its abuse. Allowing millions of zombies to be online just because you can't be bothered to simply give some evidence that you know what you are doing when signing up for your access account just isn't acceptable. In such cases people like me will block that entire provider's customer IP space ... which I do know for hundreds of such providers. So as it stands now, you don't really have total access because of such blocking. But if your ISP would do as I suggest ... followed by you specifically asking for the services you need to have (by their name to show you at least know what it is), then you would get more access.

    Think of it this way: I have no way to distinguish the 0.01% of cable and DSL customers that do know what they are doing (such as you). But the cable/telco company does by the plan I suggested. For you, things will work better with the plan.

    SMTP AUTH is not to prevent a spammer from submitting email. It's there to quickly and readily identify who has let the spammer submit email. It's also there for stateful rate limiting so the rate is applied per customer, not per IP address.

    If you enable SMTP outbound access, you won't be affected by the rate limit on the provider's mail server since you won't be using it.

    Right now many ISPs like Comcast and Charter are losing access because they are being massively blocked. I even had to go so far as to block Charter's own mail servers due to the abuses that they would do absolutely nothing about. Are you going to use an ISP like that?

  20. Where forged sender spam comes from on RMS Weighs In On SPF/Sender-ID License · · Score: 3, Insightful

    I think we need to take a look at where forged sender spam comes from before we are willing to consider trying to detect forgery as a means to detect a message as being spam. In the past, small time spammers did forgery to avoid flooding their one mailbox. Nowadays, bigger spammers have domain names (often thousands of them) and don't have to worry about that issue. But there are still spammers doing forgery. Most of these are using the infected zombie machines on insecure home computers often connected 24x7 via "always on" DSL or Cable.

    If the providers hosting these users would:

    • block outbound port 25 from these users (with certain exceptions)
    • require SMTP AUTH to log in to their provided mail server
    • rate limit mail sent through that mail server (for example no more than 30 messages per hour)

    then this would go a long way to defeat the utilization of these infected machines as a spamming tool.

    I mentioned an exception to the port 25 blocking. They should simply allow port 25 for anyone who mentions certain keywords indicating they need it. While there is some spamming that originates at the DSL or Cable user, that doesn't account for much right now. So sure, someone intent on spamming can call in to customer support and ask "please enable SMTP for my access account". But they would be fewer in number than those who ask the same because they just want to run their own home mail server without having to forward through the ISP's mail server. And one simple way to do this is to ship DSL/Cable modems with SMTP access disabled except for the provider mail servers. And manufacturers could do that if providers would set up private IP addresses to access their mail servers (so by default SMTP would be allowed to 10.0.0.0/8, 172.16.0.0/12, 169.254.0.0/16 and 192.168.0.0/16). Someone who wanted to run their own mail server could simply change the settings. The average user who lets machines become infected would know nothing about it.

    Like anything else, this isn't a solution to spam. But it is a viable alternative to forgery detection in terms of catching most of the spam from most of the sources being used by the spammers that do use sender address forgery.

  21. Re:It's pretty simple on RMS Weighs In On SPF/Sender-ID License · · Score: 1

    The fundamental [thing?] with email is that I want any person in the world to be able to send me a message but I don't want spam. The problem is there is no technical way to tell them apart.

    If you are presuming that SPF, or the like, would determine what is, or is not, spam, then you are misunderstanding what they do. But I'll guess you are just pointing out the misdirection of SPF.

    But let me add on to the technical problem you pointed out. The very same message from the very same sender may be spam to you and not spam to me. Yes, I do get marketing email because I have requested it. I just do that far less these days because of so much distrust created by the spam problem. I'm glad you aren't proposing some content analysis solution.

    My point is, we really should not be even trying to tell whether something is, or is not, spam. Instead, we should focus our efforts at those who are clearly sending things they know people do not want. The technical term for spam is Unsolicited Bulk Email (UBE). Nothing in that term has anything to do with the content. If I were to send a copy of this post to the millions of recipients on one of the spammer lists, it would be UBE despite not being a commercial marketing message.

    Our real focus should be on those who do the spamming that steals our time, our computer processing resources, and our network bandwidth resources (this theft persists even if the mail server refuses to accept the mail, as might be done with a DNS based blacklist), and on those who provide them with the finances and services to keep the spamming activities going (meaning: also include those who pay spammers for services, and those who provide services to spammers). Doing that will be hard, since most of the largest ISPs in the USA are hosting spammers and refusing to stop their activities. MCI/UUNET is apparently the worst right now.

  22. Re:Which browser to use? on Why You Should Use XHTML · · Score: 1

    BTW, regarding your "only stupid firms used it" comment ... there once was a time when Netscape 4 (or 4.77) was the newest, latest, greatest browser. Of course 4.0 was quite buggy and slow at the time. But I tried it, and things didn't work at all. My desktop at the time needed to give the -geometry command line option, which worked OK in NS 3.04 but not at all in NS 4.0 (actually I detected that problem in beta2 and reported it then). NS 4 was also very slow at rendering certain pages, and in some cases really screwed up bad. It still screws up some table layouts (NS 3 gets them right) so it's not a perfect browser by any means. But did that make it stupid to use NS 4? Well, certainly not when the choice was NS 4 vs. NS 3 vs. IE whatever. Maybe back then you'd say NS 3 was stupid.

    I have since upgraded to NS 4 ... did that around 4.73

    But I also still have NS 3.04 around for those rare occasions nothing else works right. They are getting rarer now (haven't used it since October 2003).

    So I have to understand your meaning of "only stupid firms ... still use it ... after I have upgraded to the new version". Well maybe you're just geeky enough to live with, deal with, or maybe just not have to worry about, the limitations and problems of the newest version. But the world just does not upgrade to the newest things immediately. If new versions always worked perfectly, they would be limited in what new things they could do. Improvements always have some degree of leaving the legacy behind. And they have to make decisions on what they do leave behind and what they can improve. But regardless of what those choices are, they are never optimal for everyone. So you will always have some people that can upgrade immediately and some people that need to hold out for a long time. I'm somewhere in the middle, still using NS 4 for the bulk of my multiple browser instances (I eventually designed a workaround to the -geometry problem). I do use Firebird for some browsing, but it's limited because it can't do multiple instances. The tabbed windowing helps, as do multiple windows, but still not enough because settings do need to be changed at times, and that still causes problems.

    BTW, I went to download Firefox (the new name) 0.9 ... but I can't find the source code for the release version. It's there for Mozilla, but not for Firefox. Do you know where the source code is (not the latest CVS nightly hack; I mean the source of the version used to build the 0.9 binaries)?

  23. Re:Which browser to use? on Why You Should Use XHTML · · Score: 1

    So tell me this, since I don't see it mentioned on that site at all. Will it now let you start multiple instances (I run a 40 virtual desktop environment) and let you save all the settings separately?

  24. Re:Which browser to use? on Why You Should Use XHTML · · Score: 1

    I have tried all those. Back to Netscape 4.77.

    For starters, Firefox gets all mixed up when launching multiple instances (which I do every day ... I have about 8 instances of Netscape 4.77 running now, and that's about average). Firefox intermingles the changes. When I start it again, it loads up with some mixed set of properties from the others that were started, some that have exited and some that are still running. Right now Firefox is usable only one instance at a time.

    So find me a browser which will work when I start multiple instances and it will properly save any settings separately.

    The rendering still has pixel boundary bugs. As I scroll in some fonts, rows of pixels either get omitted or shifted left or right by one. That could simply be a bug where some piece of code somewhere is incrementing horizontal when it should be incrementing vertical.

    Firefox and its cousin Mozilla still do not properly handle the -geometry command line option for startup. That was the first bug I reported years ago. I still get Bugzilla reports on it being re-assigned around, but no one ever fixes it. Open Source development still has some of the same problems as commercial development ... they don't have enough time/people to fix everything and they have to prioritize. But too often the priority is to skip old bugs and add new features which just adds new bugs. I think they should call a halt to all new features for a year and focus everyone on old bugs (either fix them or identify them as part of design problems to be corrected in the next major version).

    Netscape 4.77 also has a smaller memory footprint than any of those.

  25. Which browser to use? on Why You Should Use XHTML · · Score: 1

    So which browser should I use to be up to the latest "standards compliant" ... and also work reliably the way I am used to working? I've tried Firebird, which is Mozilla based. But it has too many bugs and mis-features for it to be my default browser. I can still start it up when needed, but it's a pain because I have to set about 20 configuration items each time because it won't save them correctly. Netscape 4.77 is my default browser with Netscape 3.04 as a fallback when I get some really raunchy HTML.

    FYI, I use Linux, so please don't suggest IE.

    Note: this post is an entrapment to get free tech support.